Lucene search
K

48 matches found

OSV
OSV
added 2025/07/07 6:15 p.m.4 views

CVE-2025-20325

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster splunk.secret key. This exposure could happen if you have a Search Head cluster and...

5.3CVSS5.8AI score0.0031EPSS
Exploits0References1
OSV
OSV
added 2025/07/07 6:15 p.m.3 views

CVE-2025-20322

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster...

4.3CVSS5.8AI score0.00186EPSS
Exploits0References1
CVE
CVE
added 2025/03/26 10:3 p.m.68 views

CVE-2025-20227

CVE-2025-20227 affects Splunk Enterprise and Splunk Cloud Platform: a low-privileged user without admin/power roles could bypass the external content warning modal in Dashboard Studio dashboards, enabling information disclosure. Affected versions include Splunk Enterprise < 9.4.1, < 9.3.3, ...

4.3CVSS6.8AI score0.00386EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2024/12/10 6:15 p.m.30 views

CVE-2024-53247

In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.4.261 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could perform a Remote Code Execution RCE...

8.8CVSS0.01084EPSS
Exploits0References1
OSV
OSV
added 2024/10/14 5:15 p.m.3 views

CVE-2024-45734

In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed...

4.3CVSS5.8AI score0.00349EPSS
Exploits0References2
OSV
OSV
added 2024/07/01 5:15 p.m.5 views

CVE-2024-36982

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon...

7.5CVSS5.8AI score0.00491EPSS
Exploits0References1
OSV
OSV
added 2024/01/22 9:15 p.m.2 views

CVE-2024-23676

In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit...

3.5CVSS5.8AI score0.00324EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2017/04/01 12:0 a.m.61 views

Splunk Enterprise Multiple Version Information Disclosure

Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt + ISR: ApparitionSec Vendor: =============== www.splunk.com Product: ================== Splunk Enterprise Splunk provides the leading...

4.4AI score0.05853EPSS
Exploits6
Rows per page
Query Builder